Using the Web-Browser and CLI Interfaces


CHAPTER 2

This chapter describes the web-browser and CLI interfaces that you use to configure the controller. It contains these sections:

- Using the Web-Browser Interface
- Using the CLI
- Enabling Wireless Connections to the Web-Browser and CLI Interfaces

Using the Web-Browser Interface

The web-browser interface (hereafter called the GUI) is built into each controller. It allows up to five users to simultaneously browse into the controller HTTP or HTTPS (HTTP + SSL) management pages to configure parameters and monitor operational status for the controller and its associated access points.

Cisco recommends that you enable the HTTPS interface and disable the HTTP interface to ensure more robust security for your Cisco UWN Solution.

Guidelines for Using the GUI

Keep these guidelines in mind when using the GUI:

- The GUI must be used on a PC running Windows XP SP1 or higher or Windows 2000 SP4 or higher.
- The GUI is fully compatible with Microsoft Internet Explorer version 6.0 SP1 or higher. Opera, Mozilla, and Netscape are not supported. Microsoft Internet Explorer version 6.0 SP1 or higher is required for using web authentication.
- You can use either the service port interface or the management interface to access the GUI. Cisco recommends that you use the service-port interface. Refer to Chapter 3 for instructions on configuring the service port interface.
- Click Help at the top of any page in the GUI to display online help. You might need to disable your browser's pop-up blocker to view the online help.

Opening the GUI

To open the GUI, enter the controller IP address in the browser's address line. For a secure connection, enter https://ip-address. For a less secure connection, enter http://ip-address. See the "Using the GUI to Enable Web and Secure Web Modes" section for instructions on setting up HTTPS.

Enabling Web and Secure Web Modes

This section provides instructions for enabling the distribution system port as a web port (using HTTP) or as a secure web port (using HTTPS). You can configure web and secure web mode using the controller GUI or CLI.

Using the GUI to Enable Web and Secure Web Modes

Follow these steps to enable web mode, secure web mode, or both using the controller GUI.

Step 1  Click Management > HTTP to open the HTTP Configuration page (see Figure 2-1).

        Figure 2-1 HTTP Configuration Page

Step 2  To enable web mode, which allows users to access the controller GUI using http://ip-address, choose Enabled from the HTTP Access drop-down box. Otherwise, choose Disabled. The default value is Disabled. Web mode is not a secure connection.

Step 3  To enable secure web mode, which allows users to access the controller GUI using https://ip-address, choose Enabled from the HTTPS Access drop-down box. Otherwise, choose Disabled. The default value is Enabled. Secure web mode is a secure connection.

Step 4  Click Apply to commit your changes.

        If desired, you can delete the current certificate by clicking Delete Certificate and have the controller generate a new certificate by clicking Regenerate Certificate.

Step 5  Click Save Configuration to save your changes.

Using the CLI to Enable Web and Secure Web Modes

Follow these steps to enable web mode, secure web mode, or both using the controller CLI.

Step 1  To enable or disable web mode, enter this command:

            config network webmode {enable | disable}

        This command allows users to access the controller GUI using http://ip-address. The default value is disabled. Web mode is not a secure connection.

Step 2  To enable or disable secure web mode, enter this command:

            config network secureweb {enable | disable}

        This command allows users to access the controller GUI using https://ip-address. The default value is enabled. Secure web mode is a secure connection.

Step 3  To enable or disable secure web mode with increased security, enter this command:

            config network secureweb cipher-option high {enable | disable}

        This command allows users to access the controller GUI using https://ip-address but only from browsers that support 128-bit (or larger) ciphers. The default value is disabled.

Step 4  To verify that the controller has generated a certificate, enter this command:

            show certificate summary

        Information similar to the following appears:

            Web Administration Certificate................. Locally Generated
            Web Authentication Certificate................. Locally Generated
            Certificate compatibility mode:................ off

Step 5  (Optional) If you need to generate a new certificate, enter this command:

            config certificate generate webadmin

        After a few seconds, the controller verifies that the certificate has been generated.

Step 6  To save the SSL certificate, key, and secure web password to non-volatile RAM (NVRAM) so that your changes are retained across reboots, enter this command:

            save config

Step 7  To reboot the controller, enter this command:

            reset system

You can use a TFTP server to download an externally generated SSL certificate to the controller. Follow these guidelines for using TFTP:

- If you load the certificate through the service port, the TFTP server must be on the same subnet as the controller because the service port is not routable, or you must create static routes on the controller. Also, if you load the certificate through the distribution system network port, the TFTP server can be on any subnet.
- A third-party TFTP server cannot run on the same computer as the Cisco WCS because the WCS built-in TFTP server and the third-party TFTP server require the same communication port.

Every HTTPS certificate contains an embedded RSA key. The length of the key can vary from 512 bits, which is relatively insecure, to thousands of bits, which is very secure. When you obtain a new certificate from a Certificate Authority, make sure that the RSA key embedded in the certificate is at least 768 bits long.

Using the GUI to Load an SSL Certificate

Follow these steps to load an externally generated SSL certificate using the controller GUI.

Step 1  On the HTTP Configuration page, check the Download SSL Certificate check box (see Figure 2-2).

        Figure 2-2 HTTP Configuration Page

Step 2  In the Server IP Address field, enter the IP address of the TFTP server.

Step 3  In the Maximum Retries field, enter the maximum number of times that the TFTP server attempts to download the certificate.

Step 4  In the Timeout field, enter the amount of time (in seconds) that the TFTP server attempts to download the certificate.

Step 5  In the Certificate File Path field, enter the directory path of the certificate.

Step 6  In the Certificate File Name field, enter the name of the certificate (webadmincert_name.pem).

Step 7  (Optional) In the Certificate Password field, enter a password to encrypt the certificate.

Step 8  Click Apply to commit your changes.

Step 9  Click Save Configuration to save your changes.

Step 10 To reboot the controller for your changes to take effect, click Commands > Reboot > Reboot > Save and Reboot.

Using the CLI to Load an SSL Certificate

Follow these steps to load an externally generated SSL certificate using the controller CLI.

Step 1  Use a password to encrypt the HTTPS certificate in a .pem-encoded file. The PEM-encoded file is called a web administration certificate file (webadmincert_name.pem).

Step 2  Move the webadmincert_name.pem file to the default directory on your TFTP server.

Step 3  To view the current download settings, enter this command and answer n to the prompt:

            transfer download start

        Information similar to the following appears:

            Mode........................................... TFTP
            Data Type...................................... Admin Cert
            TFTP Server IP................................. xxx.xxx.xxx.xxx
            TFTP Path...................................... <directory path>
            TFTP Filename..................................
            Are you sure you want to start? (y/n) n
            Transfer Canceled

Step 4  Use these commands to change the download settings:

            transfer download mode tftp
            transfer download datatype webauthcert
            transfer download serverip TFTP_server IP_address
            transfer download path absolute_tftp_server_path_to_the_update_file
            transfer download filename webadmincert_name.pem

Step 5  To set the password for the .pem file so that the operating system can decrypt the web administration SSL key and certificate, enter this command:

            transfer download certpassword private_key_password

Step 6  To confirm the current download settings and start the certificate and key download, enter this command and answer y to the prompt:

            transfer download start

        Information similar to the following appears:

            Mode........................................... TFTP
            Data Type...................................... Site Cert
            TFTP Server IP................................. xxx.xxx.xxx.xxx
            TFTP Path...................................... directory path
            TFTP Filename.................................. webadmincert_name
            Are you sure you want to start? (y/n) y
            TFTP Webadmin cert transfer starting.
            Certificate installed.
            Please restart the switch (reset system) to use the new certificate.

Step 7  To save the SSL certificate, key, and secure web password to NVRAM so that your changes are retained across reboots, enter this command:

            save config

Step 8  To reboot the controller, enter this command:

            reset system

Using the CLI

The Cisco UWN Solution command line interface (CLI) is built into each controller. The CLI allows you to use a VT-100 emulator to locally or remotely configure, monitor, and control individual controllers and their associated lightweight access points. The CLI is a simple text-based, tree-structured interface that allows up to five users with Telnet-capable terminal emulators to access the controller.

Refer to the Cisco Wireless LAN Controller Command Reference for information on specific commands.

If you want to input any strings from the XML configuration into CLI commands, you must enclose the strings in quotation marks.

Logging into the CLI

You access the CLI using one of two methods:

- A direct ASCII serial connection to the controller console port
- A remote console session over Ethernet through the pre-configured service port or the distribution system ports

Before you log into the CLI, configure your connectivity and environment variables based on the type of connection you use.

Using a Local Serial Connection

You need these items to connect to the serial port:

- A computer that has a DB-9 serial port and is running a terminal emulation program
- A DB-9 male-to-female null-modem serial cable

Follow these steps to log into the CLI through the serial port.

Step 1  Connect your computer to the controller using the DB-9 null-modem serial cable.

Step 2  Open a terminal emulator session using these settings:

        - 9600 baud
        - 8 data bits
        - 1 stop bit
        - No parity
        - No hardware flow control

Step 3  At the prompt, log into the CLI. The default username is admin, and the default password is admin.

        The controller serial port is set for a 9600 baud rate and a short timeout. If you would like to change either of these values, enter config serial baudrate baudrate and config serial timeout timeout to make your changes. If you enter config serial timeout 0, serial sessions never time out.

Using a Remote Ethernet Connection

You need these items to connect to a controller remotely:

- A computer with access to the controller over the Ethernet network
- The IP address of the controller
- A terminal emulation program or a DOS shell for the Telnet session

By default, controllers block Telnet sessions. You must use a local connection to the serial port to enable Telnet sessions.

Follow these steps to log into the CLI through a remote Ethernet connection.

Step 1  Verify that your terminal emulator or DOS shell interface is configured with these parameters:

        - Ethernet address
        - Port 23

Step 2  Use the controller IP address to Telnet to the CLI.

Step 3  At the prompt, log into the CLI. The default username is admin, and the default password is admin.

Logging Out of the CLI

When you finish using the CLI, navigate to the root level and enter logout. The system prompts you to save any changes you made to the volatile RAM.

Navigating the CLI

The CLI is organized around five levels:

- Root Level
- Level 2
- Level 3
- Level 4
- Level 5

When you log into the CLI, you are at the root level. From the root level, you can enter any full command without first navigating to the correct command level. Table 2-1 lists commands you use to navigate the CLI and to perform common tasks.

Table 2-1 Commands for CLI Navigation and Common Tasks

Command        Action
-------------  ------------------------------------------------------------
help           At the root level, view systemwide navigation commands
?              View commands available at the current level
command ?      View parameters for a specific command
exit           Move down one level
Ctrl-Z         Return from any level to the root level
save config    At the root level, save configuration changes from active
               working RAM to non-volatile RAM (NVRAM) so they are retained
               after reboot
reset system   At the root level, reset the controller without logging out

Enabling Wireless Connections to the Web-Browser and CLI Interfaces

You can monitor and configure controllers using a wireless client. This feature is supported for all management tasks except uploads from and downloads to the controller. Before you can open the GUI or the CLI from a wireless client device, you must configure the controller to allow the connection. Follow these steps to enable wireless connections to the GUI or CLI.

Step 1  Log into the CLI.

Step 2  Enter config network mgmt-via-wireless enable.

Step 3  Use a wireless client to associate to a lightweight access point connected to the controller.

Step 4  On the wireless client, open a Telnet session to the controller, or browse to the controller GUI.

Tip  To use the controller GUI to enable wireless connections, click Management > Mgmt Via Wireless page and check the Enable Controller Management to be accessible from Wireless Clients check box.
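The management-access commands in this chapter interact with stated defaults, so the end state after a change script is easy to misjudge. The following added example (not part of the original guide or any Cisco tooling) replays a list of commands over the defaults this chapter gives and lists the settings worth reviewing. The function names and the sample script are hypothetical, and `config network telnet`, the command that controls the Telnet access discussed above, is not shown on this page.

```python
import re

# Defaults exactly as this chapter states them; None = the chapter gives no default.
PAGE_DEFAULTS = {
    "webmode": "disable",                        # HTTP
    "secureweb": "enable",                       # HTTPS
    "secureweb cipher-option high": "disable",   # 128-bit-or-larger ciphers only
    "telnet": "disable",                         # "controllers block Telnet sessions"
    "mgmt-via-wireless": None,
    "serial timeout": None,                      # 0 means sessions never time out
}

def effective_state(commands):
    """Apply config commands in order on top of the chapter's defaults."""
    state = dict(PAGE_DEFAULTS)
    for raw in commands:
        line = " ".join(raw.split())             # normalise whitespace
        m = re.fullmatch(r"config network (.+) (enable|disable)", line)
        if m and m.group(1) in state:
            state[m.group(1)] = m.group(2)
        m = re.fullmatch(r"config serial timeout (\d+)", line)
        if m:
            state["serial timeout"] = int(m.group(1))
    return state

def review(commands):
    """Return the management-plane settings that deserve a second look."""
    s = effective_state(commands)
    notes = []
    if s["webmode"] == "enable":
        notes.append("HTTP enabled: web mode is not a secure connection")
    if s["secureweb"] == "disable":
        notes.append("HTTPS disabled")
    elif s["secureweb cipher-option high"] != "enable":
        notes.append("HTTPS accepts browsers limited to ciphers under 128 bits")
    if s["telnet"] == "enable":
        notes.append("Telnet enabled: CLI sessions cross the network unencrypted")
    if s["mgmt-via-wireless"] == "enable":
        notes.append("GUI and CLI reachable from wireless clients")
    if s["serial timeout"] == 0:
        notes.append("serial console sessions never time out")
    return notes

# Constructed change script (not taken from a real controller).
SAMPLE = [
    "config network webmode enable",
    "config network secureweb cipher-option high enable",
    "config network webmode disable",            # later command wins
    "config network telnet enable",
    "config network mgmt-via-wireless enable",
    "config serial timeout 0",
]

if __name__ == "__main__":
    for note in review(SAMPLE):
        print("REVIEW:", note)
```

With no commands at all, the chapter's defaults still produce one note, because secure web mode is on while the high cipher option is off.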
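For the key-length guideline in the certificate-loading section above, this added example (not from the original guide) reads the RSA modulus length out of a PEM file such as webadmincert_name.pem before it is placed on the TFTP server. It uses a minimal DER walker from the Python standard library only. All function names are hypothetical, the sample certificate is constructed and unsigned, and the threshold is a parameter that defaults to the 768 bits stated on this page so that a stricter local policy can be passed instead.

```python
import base64
import re

RSA_OID = bytes.fromhex("2a864886f70d010101")    # 1.2.840.113549.1.1.1, rsaEncryption
CERT_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos=0):
    """Read one DER element: (tag, content, offset of the next element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                            # long form: low 7 bits count length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _children(content):
    """Split a constructed element's content into (tag, content) pairs."""
    items, pos = [], 0
    while pos < len(content):
        tag, body, pos = _tlv(content, pos)
        items.append((tag, body))
    return items

def rsa_key_bits(pem_text):
    """Bit length of the RSA modulus in the first certificate of a PEM file."""
    match = CERT_RE.search(pem_text)
    if not match:
        raise ValueError("no CERTIFICATE block found")
    tbs = _children(_children(_tlv(base64.b64decode(match.group(1)))[1])[0][1])
    if tbs[0][0] == 0xA0:                        # optional explicit version field
        tbs = tbs[1:]
    algorithm, bit_string = _children(tbs[5][1])  # subjectPublicKeyInfo
    if _children(algorithm[1])[0][1] != RSA_OID:
        raise ValueError("certificate key is not RSA")
    rsa_key = _children(bit_string[1][1:])[0][1]  # skip the unused-bits octet
    return int.from_bytes(_children(rsa_key)[0][1], "big").bit_length()

def key_long_enough(pem_text, minimum_bits=768):  # 768 is the minimum this page states
    return rsa_key_bits(pem_text) >= minimum_bits

# --- Helpers that build a constructed, unsigned sample certificate for the demo ---
def _der(tag, content):
    size = len(content)
    if size < 0x80:
        return bytes([tag, size]) + content
    raw = size.to_bytes((size.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + content

def _int(value):
    return _der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def constructed_cert(bits):
    alg = _der(0x30, _der(0x06, RSA_OID) + _der(0x05, b""))
    key = _der(0x30, _int((1 << (bits - 1)) | 1) + _int(65537))
    spki = _der(0x30, alg + _der(0x03, b"\x00" + key))
    name, dates = _der(0x30, b""), _der(0x30, _der(0x17, b"250101000000Z") * 2)
    tbs = _der(0x30, _der(0xA0, _int(2)) + _int(1) + alg + name + dates + name + spki)
    body = base64.encodebytes(_der(0x30, tbs + alg + _der(0x03, b"\x00"))).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"
```

Calling `key_long_enough(open("webadmincert_name.pem").read())` applies the check to a real file; the file may also hold the encrypted private key, since only the CERTIFICATE block is parsed.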